Quantum computing is widely seen as one of the biggest long-term threats facing Bitcoin. Some believe a so-called Qday could arrive soon, while others argue the risk is still far off and that there is time to prepare.
A recent view from industry research is that quantum computing is not an immediate threat to Bitcoin, but it is serious enough to demand preparation now. The debate is less about whether the threat matters and more about how fast it could develop and how Bitcoin should respond.
Why Quantum Computing Matters for Bitcoin
Bitcoin relies on cryptography for mining, block linking, transaction ordering, ownership, and spending. Quantum computing matters because it could eventually challenge parts of that cryptographic foundation.
Traditional computers use bits represented as ones and zeros. Quantum computers use qubits, which can be a one, a zero, or both at once. That difference unlocks exponential computational power, allowing quantum systems to tackle extremely complex algorithms and encryption, including Bitcoin’s cryptography.
Quantum computing does not threaten only Bitcoin. It also endangers digital encryption more broadly, including the keys protecting emails, cloud infrastructure, digital banking, and the internet itself. That wider risk is one reason preparation is already underway across multiple sectors.
What Satoshi Said About the Quantum Threat
The quantum risk is not a new concern. In a 2010 forum post, Satoshi Nakamoto addressed the possibility that quantum computing could compromise Bitcoin. The response was clear: if it happened suddenly, the network would face a serious problem, but if it happened gradually, Bitcoin could transition to something stronger.
That gradual path is central to the current outlook. The expectation is not that quantum computing will instantly break Bitcoin overnight, but that progress will unfold in stages, creating time for countermeasures.
How Bitcoin Is Protected Today
Bitcoin is secured by two main cryptography methods:
- Hash functions
- Elliptic curve cryptography
Hashing secures Bitcoin mining, block linking, and transaction ordering. Elliptic curve cryptography uses digital signatures to secure BTC ownership and spending through wallets.
According to the report’s framing, hashing is relatively quantum resistant, while elliptic curve cryptography is more vulnerable. That distinction is important because quantum risk is not uniform across Bitcoin’s design.
How Much BTC Is at Risk
A significant amount of BTC is considered exposed if it remains in vulnerable address types.
- Around 1.7 million BTC is considered lost
- Another 5.2 million BTC remains vulnerable unless moved to a quantum resistant wallet address
- Overall, about 65% of BTC supply is currently safe
- The remaining 35% is considered at risk
Most BTC created before 2011 uses the older P2PK format, which is vulnerable. Newer addresses are already designed to resist quantum attacks, and users can move BTC to newer quantum resistant wallet addresses.
Is Quantum Computing an Immediate Threat?
The core conclusion is that quantum computers are not yet advanced enough to break modern cryptography in a meaningful way. At the same time, the field is advancing quickly, supported by major investment and strong first-mover incentives.
That creates a mixed reality: the threat is not immediate, but it is advancing fast enough that delaying action would be risky. The practical message is to treat quantum computing as a long-term challenge that requires present-day preparation.
Preparation Already Underway
Work on quantum resilience is already happening across crypto and beyond.
- Coinbase has an independent advisory board on quantum computing
- The Ethereum Foundation runs a post-quantum team
- Strategy has launched a Bitcoin security program focused on quantum attacks
- A Bitcoin Improvement Proposal targets quantum vulnerabilities in Taproot addresses
The broader internet is also moving ahead with post-quantum cryptography, or PQC. Defenses are described as being years ahead of the quantum computers that would threaten them.
The Five Stages of Quantum Development
Rather than focus on a single doomsday moment, the report outlines a staged framework for understanding quantum progress and its likely impact on Bitcoin.
Stage 0: Quantum Computers Exist but Are Not Commercially Viable
This is the current stage. Several hundred quantum machines exist in research labs worldwide. These are often called noisy intermediate-scale quantum, or NISQ, computers.
The best systems have achieved almost 100 logical qubits and a logical depth of around 65, meaning they can execute roughly 65 algorithmic steps before errors become too frequent. These machines are mostly used to study quantum computing itself and do not outperform classical computers for everyday tasks.
Research is concentrated in North America, Europe, and China. In the West, companies such as Google, IBM, and Microsoft work with startups and often share results publicly. In China, state universities and government-backed efforts play a larger role.
Stage 1: Quantum Computers Become Commercially Viable
Instead of assigning a precise date, the report points to milestones that would suggest stage 1 has arrived:
- Quantum computers reliably running 100 logical qubits
- Research labs publishing useful results beyond quantum studies
- Companies finally turning a profit
Stage 2: Outdated Cryptography Starts to Break
At this point, cryptographically relevant quantum computers, or CRQCs, begin breaking weaker and older cryptography. These systems would likely target legacy systems first.
A likely strategy at this stage is harvest now, decrypt later, where data is captured today and decrypted sometime in the future.
Stage 3: Bitcoin Cryptography Can Be Broken Slowly
In stage 3, CRQCs can break Bitcoin’s cryptography, but only slowly. Vulnerable addresses would be exposed, while quantum resistant addresses would remain safer.
Any BTC left in vulnerable addresses would be at risk. Around 1.7 million BTC could be immediately exposed, with more at risk if holders fail to upgrade. Even so, these attacks would likely happen one vulnerable address at a time rather than all at once.
That slower pace could give Bitcoin developers time to make necessary changes before too much BTC is stolen.
Stage 4: Bitcoin Cryptography Can Be Broken Rapidly
This is the most severe stage. CRQCs would be able to break Bitcoin’s cryptography in minutes or less. At that point, all quantum vulnerable BTC could be stolen within weeks, if not days.
Trying to move exposed funds could actually increase exposure. If elliptic curve cryptography could be broken in under 10 minutes, even pending transactions could be at risk because blocks are produced every 10 minutes.
Why Qday May Be More Hype Than Reality
Many people imagine a sudden Bitcoin apocalypse triggered by quantum computing. The staged model challenges that idea. The report argues that quantum technology is more likely to develop gradually, like other major technologies, which means its effect on Bitcoin would probably be gradual as well.
This matters because a gradual timeline changes the response. Instead of preparing for an instant collapse, the focus shifts to monitoring milestones, updating infrastructure, and moving users toward safer address types before the highest-risk stages arrive.
Key Questions Investors Should Watch
How Long Until the First Bitcoin Public Key Is Broken?
Predictions vary. Some expect CRQCs could crack Bitcoin by 2030, while others think it is decades away. The general consensus among institutions and government agencies is that this could happen in the mid-2030s.
Some analysts believe quantum computing may never crack Bitcoin, but that view may underestimate future breakthroughs and demand.
How Long Until the Second Key Is Broken?
Breaking one key does not mean all keys fall instantly. There is a major difference between hacking one wallet and broadly breaking Bitcoin wallet encryption.
The example given is Satoshi’s roughly 1.1 million BTC, spread across about 22,000 wallets holding around 50 BTC each. If breaking a single key took one hour, cracking all 22,000 would take more than three years. At one day per key, it would take around 60 years. At one week per key, it would take over 400 years.
That timeline could shorten if multiple quantum machines worked in parallel or if the technology advanced faster, but stealing all vulnerable BTC would still likely take several years unless everything aligned perfectly for attackers.
Who Would Be Able and Motivated to Attack?
Today, quantum machines are controlled by institutions with reputations to protect, which makes criminal use less likely for now. In the future, quantum computing may become a global industry. If one group cracks a key first, others could replicate the capability within months.
The report compares this to the way AI has entered everyday life. Rather than a single all-powerful machine, quantum attacks could become relatively common over time, depending on cost, complexity, and expected profit.
What Would It Cost to Break Bitcoin Keys?
Any attack would likely be profit-driven. Costs would include advanced quantum systems, energy for cooling, control electronics, development, manufacturing, staffing, operations, and maintenance.
In 2023, the Homeland Security Operational Analysis Center estimated that breaking a single Bitcoin key could cost around $100,000 in electricity alone. Those costs may fall as the technology improves, while Bitcoin’s price may rise over time.
How Can Bitcoin Be Protected?
Protection is already possible through quantum resistant addresses, where most BTC already exists. The remaining BTC does not face real risk until stage 3, when CRQCs begin slowly breaking Bitcoin’s encryption.
Still, fully quantum safe cryptography needs to be adopted well before stage 4.
Post-Quantum Cryptography and Bitcoin
Post-quantum cryptography has been in development ever since it became clear that quantum computers could break current encryption. Two strong signature schemes were rigorously tested and standardized in 2024, increasing confidence in post-quantum preparation.
PQC is rapidly becoming part of the internet’s core infrastructure. OpenSSH and OpenSSL now include PQC by default and warn users when vulnerable encryption is used. Major web platforms have also adopted PQC, meaning a large share of global internet traffic is already protected against future quantum attacks.
Why Upgrading Bitcoin Is Harder
Upgrading Bitcoin at the consensus level is more difficult than updating traditional internet applications.
- Blockchain storage is costly and limited
- Bitcoin Script computing is costly and limited
- PQC must be resource efficient
- Implementations must work with HD wallets and hardware devices
- Even soft forks can create friction among developers, miners, and investors
No PQC implementation or BIP has yet gained consensus because of trade-offs in speed, complexity, key size, signature size, and statefulness. In December 2025, Blockstream Research highlighted hash-based signatures as promising, since Bitcoin already depends on hash functions.
At the same time, moving too quickly carries risks. Bitcoin is not easily updated, and rushed deployment could introduce bugs, weaken functionality, and trigger costly setbacks.
The Debate Over Vulnerable Coins
Even if Bitcoin adopts a quantum safe address type through a soft fork, that does not fully solve the issue. A large amount of BTC would still remain in quantum vulnerable addresses and could eventually be stolen by capable CRQCs.
Some proposals suggest freezing or burning those coins after a grace period for holders to move funds. After that grace period, remaining BTC would become immovable, meaning even true owners would lose access.
This idea has drawn backlash. Critics argue it sets a dangerous precedent of censorship disguised as safety. Bitcoin’s appeal includes self-sovereignty and resistance to control, so some believe the truest response is to do nothing and let events unfold naturally.
The report’s authors argue that deciding how to implement PQC should remain separate from deciding what to do about quantum vulnerable coins, but they also acknowledge that in practice the two issues are deeply connected and highly controversial.
Three Plausible Scenarios for Bitcoin and Quantum Computing
Pessimistic Scenario
Quantum computing advances rapidly, possibly accelerated by AI. Bitcoin would be underprepared, and developers would have to rush out a quick fix with limited time for careful consideration.
Even then, Bitcoin would continue functioning and most holders would remain safe. PQC proposals already exist, and if CRQCs began targeting Bitcoin, a quantum resistant soft fork could be deployed quickly by the network.
The downside is that a rushed fork could require new hardware or software wallets, disrupt financial services, introduce bugs, trigger disputes over lost BTC, and even cause chain splits and financial losses.
Optimistic Scenario
Quantum technology hits unexpected roadblocks and enters a winter phase. In that case, investment would slow and Bitcoin developers would have decades to implement a carefully considered PQC solution.
The community would have more time to agree on the best path. Users, wallets, hardware devices, and financial services would also have more time to adapt, creating a more stable environment.
Balanced Scenario
A CRQC attack is still 10 to 20 years away. That would give researchers time to develop robust PQC algorithms while quantum computers first become commercially viable at stage 1.
Bitcoin could adopt a PQC soft fork, though the process would likely be slow and controversial. If stage 2 arrived and weaker cryptography started to fail, the community could coordinate a solution before CRQCs posed an immediate threat.
In this scenario, lost or vulnerable BTC would not be restricted. Disputes would likely continue, but Bitcoin’s 21 million supply cap would remain intact while the network transitions toward quantum resistant addresses.
Long-Term Outlook
The overall conclusion is that quantum computing should be viewed as a long-term challenge, not an immediate threat. Education is essential, because investors need to understand quantum risks, governance trade-offs, and how post-quantum infrastructure could affect Bitcoin security.
At the same time, uncertainty remains. Nobody knows exactly when meaningful quantum breakthroughs will occur. That is why some argue developers should treat the threat as if it could arrive tomorrow, even if the most likely timeline is longer.
The strongest message is that the threat is too big to ignore and the stakes are too high. Quantum resistance is now getting the attention it deserves, and the central unresolved issue is not whether Bitcoin can adapt, but how the community will deal with vulnerable coins.
FAQ
Is quantum computing an immediate threat to Bitcoin?
No. The view presented is that quantum computing is not an immediate threat to Bitcoin, although it is advancing quickly and should be taken seriously.
What is Qday?
Qday is the idea that a quantum computer could theoretically break Bitcoin, creating a Bitcoin apocalypse. The report challenges the idea of a sudden event and suggests a more gradual progression instead.
Which part of Bitcoin is more vulnerable to quantum attacks?
Elliptic curve cryptography is described as more vulnerable, while hashing is considered relatively quantum resistant.
How much BTC is currently considered at risk?
About 35% of BTC supply is considered at risk, while about 65% is currently considered safe.
What are CRQCs?
CRQCs are cryptographically relevant quantum computers. These are the machines that would begin breaking outdated cryptography and, in later stages, could target Bitcoin’s cryptography.
Can users reduce their exposure?
Yes. Users can move BTC from vulnerable addresses to newer quantum resistant wallet addresses.
Does Bitcoin already have post-quantum defenses being discussed?
Yes. Work is already underway through advisory efforts, security programs, Bitcoin Improvement Proposals, and broader post-quantum cryptography development.
Would Bitcoin fail if quantum attacks begin?
The view presented is that Bitcoin would continue functioning even in a worst-case scenario, although the response could be disruptive and controversial.
What is the hardest part of the Bitcoin quantum debate?
The hardest part is deciding what to do about BTC that remains in quantum vulnerable addresses. Freezing or burning those coins is controversial, while doing nothing also carries risks.
What is the main takeaway for investors?
Quantum computing should be seen as a long-term challenge rather than an immediate threat, with careful protocol updates and ongoing education playing a central role in Bitcoin’s preparation.
Original Source
An Indian crypto journalist covering the developments in the Bitcoin and blockchain industries. Her work helps readers understand key changes in the world of digital assets.
